Per these docs, I understand once we have the firebase path in storage, we can get the download url by calling getDownloadUrl() on this path's ref. My question is all the docs suggest to get the download url first then download file data based on these image, but can we persist this download url in our realtime db for the file, so we don't have to call getDownloadUrl() each time?
Current file upload and download workflow ->
Upload:
1. upload file to storage in specific path.
2. store path in realtime DB to persist for future downloading purposes
Download
1. get object from realtime DB and retrieve storage path
2. get storage object
3. get url from getDownloadUrl() on that object
4. download data from url
Better upload/download workflow ->
Upload:
1. upload file to storage in specific path.
2. get download url from storage object
3. store download path in realtime DB to persist for future downloading purposes
Download
1. get object from realtime DB
2. get download url stored in object
3. download data from download url
What is getDownloadUrl() doing under the hood and is the given url static?
The download URL is meant to be persisted. It's a waste of time for clients to call it every time. This is illustrated consistently in Firebase sample code.
Related
How can I retrieve Firebase storage image in flutter without getting downloadUrl and display it within some image compatible widget. I don't want my users to anyhow see download url even if they open my code
If you're using the FlutterFire Storage library in your app, you can call getData on a reference to the file to get its data. So with that you just need to know the path to the data, and you won't need the download URL in your application. Once you have the data locally, you can create an image out of it with: Converting a byte array to image in Flutter?
Unlike download URLs, the call to getData() is checked by security rules, so you'll have to ensure that the user is permitted to access the file.
I have installed Firebase extension Delete User Data which triggers of user deletion. I have mentioned the storage paths as per the provided instructions.
Where in Google Cloud Storage do you store user data? Leave empty if
you don’t use Cloud Storage. Enter the full paths to files or
directories in your Storage buckets, separated by commas. Use {UID} to
represent the User ID of the deleted user, and use {DEFAULT} to
represent your default Storage bucket. Here’s a series of examples. To
delete all the files in your default bucket with the file naming
scheme {UID}-pic.png, enter {DEFAULT}/{UID}-pic.png. To also delete
all the files in another bucket called my-app-logs with the file
naming scheme {UID}-logs.txt, enter
{DEFAULT}/{UID}-pic.png,my-app-logs/{UID}-logs.txt. To also delete a
User ID-labeled directory and all its files (like media/{UID}), enter
{DEFAULT}/{UID}-pic.png,my-app-logs/{UID}-logs.txt,{DEFAULT}/media/{UID}
Cloud Storage Paths: {DEFAULT}/profilepic/{UID}.jpeg
I am always getting the following log
File: 'profilepic/uid_1234.jpeg' does not exist in Cloud Storage, skipping
It has been report in the github issues for firebase extension. For Extension version: 0.1.7 check the temporary fix by using your storage bucket name instead of DEFAULT.
To find your bucket name:
Go to your Storage dashboard in the Firebase console.
Click the Files tab, then look in the header of the file viewer.
Copy the URL to your clipboard. It's usually in the form project-id.appspot.com.
Instead of
{DEFAULT}/profilePhotos/{UID}.jpg
use:
your-project.appspot.com/profilePhotos/{UID}.jpg
where your-project.appspot.com is your bucket name.
I am not sure the latest extension 0.1.8 fixed the issue
Source
Hi I want to clarify whether Firebase storage ref path can be obtained from the download url for the purpose of security
Yes, the object path is embedded right there in the download URL, which you can see if you examine it carefully. There is even an API that converts a download URL into a reference.
This question already has an answer here:
Firebase Storage getDownloadUrl's token validity
(1 answer)
Closed 4 years ago.
I'm developing a Flutter app and I don't know which is the best way to store and retrieve an image from Firebase Storage.
For example, I'm implementing a show profile picture feature:
CircleAvatar(backgroundImage: NetworkImage(profilePictureUrl))
I get profilePictureUrl from my database. I can save its value on database in two way: saving its firebase download url, or saving its firebase path.
Case 1: saving firebase download url
With getDownloadUrl I get this kind of url:
https://firebasestorage.googleapis.com/v0/b/{project}/o/{path}?alt=media&token={token}
If I save it on my database I would persist an Url with a token inside. Do you think that this token will expire sooner or later?
Case 2: saving firebase image path
If I save the image path on my database than I have the overhead of calling getDownloadUrl before any image access, for example:
Firebase Storage path value: images/users/{userId}/profile
Future<String> getProfilePictureUrl(String path) async {
var ref = _firebaseStorage.ref().child(path);
String url = (await ref.getDownloadURL()).toString();
return url.toString();
}
Dilemma
What is the best practice to handle the images upload and download with Firebase storage?
Thank you.
Case 1 - The download URL will remain valid until you manually revoke it in the console; i.e. it doesn't just expire. See Revoking Firebase storage download urls. The URL is considered 'unguessable'. Revocation exists so that you can change it if it ever became compromised.
Case 2 - You will receive the same URL every time (the same one which you can inspect in the Console) - unless, of course, someone has manually revoked it in the console and created a new one.
I am trying to build a Firebase admin utility that I can use to upload files to Firebase Storage and then return a long lived URL that I can store in the Firebase Realtime DB to access this file.
I believe I can do this in the Firebase Console by going to my project's console, clicking Storage on the left, clicking Upload File. Once the file is uploaded, I can get a URL by selecting the file in the list to open the right information pane, and then expanding the File Location section.
In that section there is a Download URL which appears to be a long lived but revocable URL containing a token of some type. Is this URL safe to store in a DB for long term storage? It does appear to be the same URL that is returned from the file upload api, which another Google Codelab (for Flutter) showed being stored in the realtime database.
However, I cannot figure out how to generate that type of URL from the Firebase Storage Management API. I am using NodeJS, but it should apply to all versions of the API AFAIK. I can only find a getSignedUrl call which does not seem to return the same URL, and appears to be time limited and containing a link to the service account...not what I want to store in a database.
let bucket = admin.storage().bucket();
bucket.upload('innovation3.jpeg', {destination: 'image_assets/innovation3.jpeg'},
function(err, file) {
file.getSignedUrl({action: 'read'},
function(err, url) {
console.log('Url: ' + url);
})
});
Is it possible to get this URL from the Management API, or do I need to use some other method. What is recommended?
Signed URLs created with the Firebase Admin SDK (backed by the the Cloud Storage SDK) are different from Download URLs created by the Firebase client SDKs. They serve the same general purpose, but you can expect them to look different from each other. They are both safe to store long term, except you should know that Signed URLs have an expiration date, which are you not specifying in your call. In that case, I don't know what the effective expiration is going to be.
Each invocation of getSignedUrl will generate a new URL. There is not just one that's unique to the file.